To create a federation between VMware Workspace ONE Access and AD FS, you configure VMware Workspace ONE Access as a claims provider (or identity provider) for AD FS.


  • Download the VMware Workspace ONE Access IdP Metadata
  • Verify the federation between AD FS and the application that you want to authenticate through the VMware Workspace ONE Access service. Verify that AD FS successfully authenticates users logging into the application through a web browser.
Note: Before proceeding,


  1. On the AD FS server, run the AD FS Management console as an administrator.
  2. (AD FS 3.0) In the left pane, expand the Trust Relationships folder.
  3. In the left pane, click Claims Provider Trusts to highlight it. Then right-click Claims Provider Trusts and select Add Claims Provider Trust from the menu.

    The Add Claims Provider Trust Wizard appears.

  4. Click Start.
  5. On the Select Data Source page, import the IdP metadata file that you downloaded from VMware Workspace ONE Access.
    1. Select Import data about the claims provider from a file.

    2. Click Browse, and navigate to the VMware Workspace ONE Access IdP metadata file. To import the metadata file, click Open.
    3. Then click Next.
  6. On the Specify Display Name page, in the Display name text box, enter a name for the VMware Workspace ONE Access relying party. Use a name that is recognizable to users who might need to select VMware Workspace ONE Access as the authentication option during the login process. Then click Next.
  7. On the Ready to Add Trust page, review your changes and then click Next.
  8. On the Finish page, select the Open the Edit Claim Rules dialog for this claims provider trust when the wizard closes check box. Then click Close.
    The Edit Claim Rules window appears.

What to do next

Configure Claim Rules for the Claims Provider Trust